Trust Assessment
jami received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 9 findings: 4 critical, 1 high, 2 medium, and 2 low severity. Key findings include "Sensitive environment variable access: $HOME", "Command Injection via unsanitized CONTACT_ID", and "Command Injection via unsanitized MESSAGE".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Command Injection via unsanitized CONTACT_ID | The `CONTACT_ID` variable, taken directly from user input (`$1`), is used without sanitization in the `jami call` command. An attacker can inject arbitrary shell commands by providing a malicious `CONTACT_ID` (e.g., `someid; rm -rf /`). The shell will interpret the semicolon as a command separator, executing the injected command. Implement strict input validation for `CONTACT_ID` to ensure it conforms to the expected Jami ID format (e.g., a hexadecimal string) and does not contain shell metacharacters. | LLM | scripts/jami_caller.sh:29 |
| CRITICAL | Command Injection via unsanitized MESSAGE | The `MESSAGE` variable, taken directly from user input (`$3`), is used without sanitization in the `jami message send` command. An attacker can inject arbitrary shell commands by providing a malicious `MESSAGE` (e.g., `"Hello"; rm -rf /`). The shell will interpret the semicolon as a command separator, executing the injected command. Implement input sanitization for `MESSAGE` to escape or remove shell metacharacters before passing it to the `jami` command. | LLM | scripts/jami_caller.sh:38 |
| CRITICAL | Command Injection via unsanitized LOG_FILE path | The `LOG_FILE` variable, derived from user input (`$1`), is used without sanitization in `tee -a "$LOG_FILE"`. An attacker could specify a malicious path like `"/tmp/log; rm -rf /"` to execute arbitrary commands. The shell will interpret the semicolon as a command separator. Implement strict input validation for `LOG_FILE` to ensure it is a safe and valid file path, or restrict it to a predefined, secure directory. Escape or remove shell metacharacters. | LLM | scripts/jami_listener.sh:29 |
| CRITICAL | Second-order Command Injection via unsanitized contact NAME and ID | The `NAME` and `ID` variables, taken from user input, are stored in `$HOME/.jami_contacts.txt` and later retrieved. When `NAME` is used in `grep "^$NAME="`, a malicious `NAME` containing regex metacharacters or shell command substitutions could lead to unexpected behavior or command execution. When `ID` is retrieved and used in `jami call "$ACCOUNT_ID" "$ID"`, a malicious `ID` (e.g., `someid; rm -rf /`) previously stored in the file would lead to command injection. Implement strict input validation for `NAME` and `ID` before they are stored in the contacts file. Ensure they conform to expected formats and do not contain shell metacharacters or regex special characters. When using `grep` with variable patterns, use `grep -F` for fixed string matching to prevent regex injection. | LLM | scripts/jami_contacts.sh:40 |
| HIGH | Command Injection via unsanitized DURATION | The `DURATION` variable, taken directly from user input (`$2`), is used without sanitization in the `sleep` command. An attacker could inject shell commands (e.g., `5; rm -rf /`) which would be executed after the `sleep` command. Validate `DURATION` to ensure it is a positive integer and does not contain any shell metacharacters. | LLM | scripts/jami_caller.sh:42 |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/snail3d/voice-devotional/jami-skill/scripts/jami_contacts.sh:7 |
| MEDIUM | Logging sensitive call details to world-accessible /tmp directory | The `jami_listener.sh` script logs potentially sensitive call details (e.g., caller IDs, call status) to `/tmp/jami_listener.log` by default. Files in `/tmp` are typically world-readable or easily accessible by other users/processes on the system, which could lead to unauthorized disclosure of communication metadata. Store logs in a more secure, restricted directory (e.g., a dedicated skill-specific directory with appropriate permissions) or ensure the log file has strict permissions (e.g., `chmod 600`). Avoid logging sensitive data to `/tmp` by default. | LLM | scripts/jami_listener.sh:4 |
| LOW | Jami account ID potentially leaked to standard output | The `jami_caller.sh` script explicitly echoes the `ACCOUNT_ID` (which is read from the `JAMI_ACCOUNT_ID` environment variable) to standard output. If the orchestrating environment logs standard output, this could lead to the exposure of a sensitive credential (the Jami account ID). Avoid echoing sensitive credentials like `ACCOUNT_ID` to standard output. If debugging is required, use a secure logging mechanism that restricts access to sensitive information. | LLM | scripts/jami_caller.sh:25 |
| LOW | Storing sensitive Jami contact IDs in an unencrypted file | The `jami_contacts.sh` script stores Jami contact names and IDs in a plain-text file `$HOME/.jami_contacts.txt`. While located in the user's home directory, this file contains potentially sensitive personal information (Jami IDs) and is not encrypted. Other processes running under the same user or with elevated privileges could access this data. Ensure the `$HOME/.jami_contacts.txt` file has strict permissions (e.g., `chmod 600`) to prevent unauthorized access. For highly sensitive data, consider encrypting the file or using a secure credential store. | LLM | scripts/jami_contacts.sh:5 |